\section{Design}

\subsection{Entities}

\frame
{
\frametitle{Web server}

\begin{itemize}

\item Users interact with a web server producing dynamic content

\item Web content is produced through status data (in XML form) pulled from
many nodes in a peer-to-peer network 


\item Users can send commands to the p2p network nodes via the web service
and read the resulting state

\end{itemize}

}


\frame
{
\frametitle{Nodes}
\begin{itemize}
\wait
\item All nodes of the p2p network should always connect to the web server

\wait
\item Nodes of the p2p network may connect between them to exchange data

\begin{itemize}
\item The initiator of such a process is always the web server, who provides
each node with the IP address of the other 
\item  The connection between two nodes should be terminated after a command is
served
\end{itemize}


\end{itemize}
}


\subsection{Security Design}

\frame
{
\frametitle{Security Model}

\begin{itemize}

\wait
\item Users have to authenticate on the web server and can see only the state
of the nodes they own

\wait
\item All data transmission (both from the users to the web-server and from the
server to the p2p network) is encrypted through SSL (https, ssl on sockets,
etc.)

\wait
\item Web server URLs should be encoded in a secure manner in order to avoid
attacks by malicious users or proxies

\end{itemize}

}




\frame
{
\frametitle{Attacker Model}


\begin{itemize}

\item An attacker can have fake id

\item An attacker can send fake messages for data transfer

\wait

\item An attacker can be a fake web server(?)

\item An attacker can have multiple identities(?)

\end{itemize}

}











